Let's start out with the good points: there are advantages to a Microsoft Domain Controller model. Centralized user control, fine-grained resource access control: these are often useful and very helpful.
But not every business needs this, and there are disadvantages also. Centralized logon also means no logon if that server acts up. Resource access permissions can be much more than is needed for a small business, and can be confusing to maintain.
Unfortunately, businesses often get pushed into this model when they buy new software. The people installing the software are often fairly clueless about networking in general, but what they do know is that setting up a Domain Controller makes their work easier. Note that's "their" work, not necessarily yours.
For example, you may have a mixed environment, and in spite of the shiny new Windows software, you still need some Unix apps. By the way, don't be too quick to pat yourself on the back for replacing that clunking old Unix software. My bet is that in five to ten years you'll be moving back to a Unix or Linux based app: unless Microsoft finds some legal shenanigan to kill Linux, I think that's almost inevitable.
But never mind, here come the barely computer-literate Windows "consultants" to install your new system. They'll be recommending a Domain Controller model. Push back: ask why their software can't run on a server in a peer-to-peer network. Almost always the answer is that it can. And doing that just might make your migration less painful. For example, a lot of small businesses have XP Home computers. Microsoft doesn't like those to join a Domain. There are ways around it (just do a Google search for "XP Home join domain") but it's still extra work and hassle.
While I'm thinking about it, do NOT let them confuse you or themselves about the "Domain". This has nothing to do with Internet DNS or your mail domain (and for crying out loud: don't let them talk you into Microsoft Exchange or IIS!). Microsoft (as usual) didn't have a clue about the Internet when they designed this stuff, so they took a meaningful name (domain) and polluted it with their nonsense. A Microsoft Domain Controller might be a DNS server, might be a mail or web server (shudder!) but that has absolutely NOTHING to do with the name you (or they) choose for the domain.
Just don't get pushed faster than you want to go. If you don't understand what they are trying to sell you, hire someone else to intercede and protect your interests. A Domain Controller can be the right choice, but it ain't necessarily so.
Sat Jul 7 01:04:27 2007: Subject: BigDumbDinosaur
> Centralized logon also means no logon if that server acts up.
Sounds like a good reason to run Samba. It very seldom "acts up." My office file and print server hasn't acted up in some seven years -- and it isn't running Windows whatever. <Smile>
> Resource access permissions can be much more than is needed for a small business, and can be confusing to maintain.
That would be somewhat dependent on the type of business. In an auto repair shop, I agree that such control is probably overkill, although you wouldn't want mechanics peeking into the payroll or general ledger, eh? In a medical clinic or bank, detailed control of access permissions is often required to comply with legal mandates such as HIPAA, with which all health care providers must comply in the USA. As for being confusing, that's more a Windows problem than anything else. At least on the Samba side of things, access control is straightforward and consistent in behavior.
Setting up a PDC does have the advantage of users having roaming profiles, which result in a consistent desktop environment on any machine that is part of the domain. In this respect, Samba is a bit more complex to set up. However, once the roaming profile setup has been debugged it is very trustworthy.
> Unfortunately, businesses often get pushed into this model when they buy new software. The people installing the software are often fairly clueless about networking in general but what they do know is that setting up a Domain Controller makes their work easier. Note that's "their" work, not necessarily yours.
Ain't that the truth? I have to deal with these clueless MCSEs on a regular basis and most of them don't know their asses from a hole in the ground when it comes to networking.
> My bet is that in five to ten years you'll be moving back to a Unix or Linux based app: unless Microsoft finds some legal shenanigan to kill Linux, I think that's almost inevitable.
At this point in time, I can't see Billy-boy and his lackeys killing Linux. It has become too entrenched in the computing world and even Microsoft can't marshal the resources that would be required to mount a successful battle to stop Linux. Linux achieved critical mass several years ago and is now like a freight train headed downhill with no brakes. Killing Linux would be like trying to stop citizens from speeding on the interstate: too many speeders and not enough cops.
> For example, a lot of small businesses have XP Home computers. Microsoft doesn't like those to join a Domain.
XP Home is way too lame to be used in a business setting. Why bother?
> Just don't get pushed faster than you want to go. If you don't understand what they are trying to sell you, hire someone else to intercede and protect your interests.
True of almost anything to do with computers. They aren't like toasters!
Fri Jul 13 03:42:17 2007: Subject: drag
I don't really think you can set up a Windows workgroup anymore without setting up a domain.
I think I remember hearing the Samba developers talking about a bug with authentication where Windows 2003 and XP could not share files or whatnot without a domain controller. They accidentally recreated it when they added compatibility code for Windows-based handheld devices.
I think that it's not going to be long before you won't be able to even administrate Windows machines without a domain controller.